About Remote Reach

Note Remote Reach is currently supported on these Digi devices: IX25.

Remote Reach is a Digi Remote Manager feature for securely connecting to reachable devices that are on the same network as your Digi device. Instead of exposing public IP addresses, opening firewall ports, or building custom VPN and routing configurations, Remote Reach uses your Digi device as the access path to downstream devices on or behind the network.

Remote Reach is primarily intended for connecting to devices near the Digi router, such as devices on the router's LAN, Wi-Fi network, or serial connection. Examples include point-of-sale systems, web-based management interfaces, industrial controllers, servers, and other on-site systems.

Why Remote Reach

Use Remote Reach when you need browser-based access to equipment at a remote site without dispatching a technician or changing the site network design. Remote Reach can help teams reduce time to recovery for remote systems such as:

  • Web management interfaces for equipment on the local network

  • Windows systems that support RDP

  • Linux, macOS, or other systems that support VNC or SSH

  • Industrial equipment or controllers connected by serial interface

  • Other systems reachable through supported protocols

Remote Reach is designed to provide a simpler alternative to public IP addressing, exposed firewall ports, or a separate third-party remote access tool.

Supported connection types

Remote Reach supports commonly used remote access protocols, including:

  • HTTP and HTTPS for web management interfaces

  • SSH for command-line access

  • Telnet for legacy command-line access

  • RDP for Windows Remote Desktop access

  • VNC for remote desktop access

  • Serial access for equipment connected to the Digi router by serial cable

The available connection types can vary based on the endpoint configuration and the capabilities of the target device.

How Remote Reach works

Remote Reach uses a secure WebRTC-based connection between the user's browser and the Digi router. Because the connection is browser-based, users do not need to install a separate client application to start a Remote Reach session.

Remote Reach setup process

Remote Reach setup has three parts:

  • Enabling Remote Reach for the account via the account settings in Digi Remote Manager.

  • Using a template to install the Remote Reach files on the Digi device(s).

    Tip Remote Reach cannot be enabled in the device's settings. You must enable Remote Reach with a template, even if you only want to use Remote Reach on one device.

  • Discovering, configuring, and adding device endpoints to Remote Reach.

For more information about this process, see Workflow | Remote Reach implementation.

Endpoints

An endpoint is a saved downstream device or service that Remote Reach can access through the Digi device's network. Each endpoint includes information such as a name, the IP address, and one or more services or protocols used to connect to that target.

For example, an endpoint might represent a point-of-sale computer with RDP enabled, a server with an HTTPS management interface, or an industrial controller available through a serial connection.

Security notes

Remote Reach is designed to avoid exposing public IP addresses or inbound firewall ports for downstream equipment. Remote Reach sessions are encrypted, and the preferred data path is peer-to-peer between the browser and the Digi router.

You are still responsible for authenticating to the downstream device. For example, when connecting to an HTTPS management interface that uses a self-signed certificate, the browser may display a certificate warning similar to the warning shown when accessing that same interface locally.